• Tobias Tebbi's avatar
    Reland: [csa] verify skipped write-barriers in MemoryOptimizer · a19c3ffb
    Tobias Tebbi authored
    With very few exceptions, this verifies all skipped write-barriers in
    CSA and Torque, showing that the MemoryOptimizer together with some
    type information on the stored value are enough to avoid unsafe skipped
    write-barriers.
    
    Changes to CSA:
    SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
    MemoryOptimizer by default.
    Type information about the stored values (TNode<Smi>) is exploited to
    safely skip write barriers for stored Smi values.
    In some cases, the code is re-structured to make it easier to consume
    for the MemoryOptimizer (manual branch and load elimination).
    
    Changes to the MemoryOptimizer:
    Improve the MemoryOptimizer to remove write barriers:
    - When the store happens to a CSA-generated InnerAllocate, by ignoring
      Bitcasts and additions.
    - When the stored value is the HeapConstant of an immortal immovable root.
    - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
    - Fast C-calls are treated as non-allocating.
    - Runtime calls can be white-listed as non-allocating.
    
    Remaining missing cases:
    - C++-style iterator loops with inner pointers.
    - Inner allocates that are reloaded from a field where they were just stored
      (for example an elements backing store). Load elimination would fix that.
    - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
      We could handle that in Torque.
    - Double-aligned allocations, which are not lowered in the MemoryOptimizer
      but in CSA.
    
    Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
    can be handled by overload resolution (in Torque and C++).
    
    Reland Change: Support pointer compression operands.
    
    R=jarin@chromium.org
    TBR=mvstanton@chromium.org
    
    Bug: v8:7793
    Change-Id: I84e1831eb6bf9be14f36db3f8b485ee4fab6b22e
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612904
    Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
    Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
    Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#61522}
    a19c3ffb
Name
Last commit
Last update
..
backend Loading commit data...
DEPS Loading commit data...
OWNERS Loading commit data...
STYLE Loading commit data...
access-builder.cc Loading commit data...
access-builder.h Loading commit data...
access-info.cc Loading commit data...
access-info.h Loading commit data...
all-nodes.cc Loading commit data...
all-nodes.h Loading commit data...
allocation-builder-inl.h Loading commit data...
allocation-builder.h Loading commit data...
basic-block-instrumentor.cc Loading commit data...
basic-block-instrumentor.h Loading commit data...
branch-elimination.cc Loading commit data...
branch-elimination.h Loading commit data...
bytecode-analysis.cc Loading commit data...
bytecode-analysis.h Loading commit data...
bytecode-graph-builder.cc Loading commit data...
bytecode-graph-builder.h Loading commit data...
bytecode-liveness-map.cc Loading commit data...
bytecode-liveness-map.h Loading commit data...
c-linkage.cc Loading commit data...
checkpoint-elimination.cc Loading commit data...
checkpoint-elimination.h Loading commit data...
code-assembler.cc Loading commit data...
code-assembler.h Loading commit data...
common-node-cache.cc Loading commit data...
common-node-cache.h Loading commit data...
common-operator-reducer.cc Loading commit data...
common-operator-reducer.h Loading commit data...
common-operator.cc Loading commit data...
common-operator.h Loading commit data...
compilation-dependencies.cc Loading commit data...
compilation-dependencies.h Loading commit data...
compiler-source-position-table.cc Loading commit data...
compiler-source-position-table.h Loading commit data...
constant-folding-reducer.cc Loading commit data...
constant-folding-reducer.h Loading commit data...
control-equivalence.cc Loading commit data...
control-equivalence.h Loading commit data...
control-flow-optimizer.cc Loading commit data...
control-flow-optimizer.h Loading commit data...
dead-code-elimination.cc Loading commit data...
dead-code-elimination.h Loading commit data...
decompression-elimination.cc Loading commit data...
decompression-elimination.h Loading commit data...
diamond.h Loading commit data...
effect-control-linearizer.cc Loading commit data...
effect-control-linearizer.h Loading commit data...
escape-analysis-reducer.cc Loading commit data...
escape-analysis-reducer.h Loading commit data...
escape-analysis.cc Loading commit data...
escape-analysis.h Loading commit data...
frame-states.cc Loading commit data...
frame-states.h Loading commit data...
frame.cc Loading commit data...
frame.h Loading commit data...
functional-list.h Loading commit data...
graph-assembler.cc Loading commit data...
graph-assembler.h Loading commit data...
graph-reducer.cc Loading commit data...
graph-reducer.h Loading commit data...
graph-trimmer.cc Loading commit data...
graph-trimmer.h Loading commit data...
graph-visualizer.cc Loading commit data...
graph-visualizer.h Loading commit data...
graph.cc Loading commit data...
graph.h Loading commit data...
int64-lowering.cc Loading commit data...
int64-lowering.h Loading commit data...
js-call-reducer.cc Loading commit data...
js-call-reducer.h Loading commit data...
js-context-specialization.cc Loading commit data...
js-context-specialization.h Loading commit data...
js-create-lowering.cc Loading commit data...
js-create-lowering.h Loading commit data...
js-generic-lowering.cc Loading commit data...
js-generic-lowering.h Loading commit data...
js-graph.cc Loading commit data...
js-graph.h Loading commit data...
js-heap-broker.cc Loading commit data...
js-heap-broker.h Loading commit data...
js-heap-copy-reducer.cc Loading commit data...
js-heap-copy-reducer.h Loading commit data...
js-inlining-heuristic.cc Loading commit data...
js-inlining-heuristic.h Loading commit data...
js-inlining.cc Loading commit data...
js-inlining.h Loading commit data...
js-intrinsic-lowering.cc Loading commit data...
js-intrinsic-lowering.h Loading commit data...
js-native-context-specialization.cc Loading commit data...
js-native-context-specialization.h Loading commit data...
js-operator.cc Loading commit data...
js-operator.h Loading commit data...
js-type-hint-lowering.cc Loading commit data...
js-type-hint-lowering.h Loading commit data...
js-typed-lowering.cc Loading commit data...
js-typed-lowering.h Loading commit data...
linkage.cc Loading commit data...
linkage.h Loading commit data...
load-elimination.cc Loading commit data...
load-elimination.h Loading commit data...
loop-analysis.cc Loading commit data...
loop-analysis.h Loading commit data...
loop-peeling.cc Loading commit data...
loop-peeling.h Loading commit data...
loop-variable-optimizer.cc Loading commit data...
loop-variable-optimizer.h Loading commit data...
machine-graph-verifier.cc Loading commit data...
machine-graph-verifier.h Loading commit data...
machine-graph.cc Loading commit data...
machine-graph.h Loading commit data...
machine-operator-reducer.cc Loading commit data...
machine-operator-reducer.h Loading commit data...
machine-operator.cc Loading commit data...
machine-operator.h Loading commit data...
map-inference.cc Loading commit data...
map-inference.h Loading commit data...
memory-optimizer.cc Loading commit data...
memory-optimizer.h Loading commit data...
node-aux-data.h Loading commit data...
node-cache.cc Loading commit data...
node-cache.h Loading commit data...
node-marker.cc Loading commit data...
node-marker.h Loading commit data...
node-matchers.cc Loading commit data...
node-matchers.h Loading commit data...
node-origin-table.cc Loading commit data...
node-origin-table.h Loading commit data...
node-properties.cc Loading commit data...
node-properties.h Loading commit data...
node.cc Loading commit data...
node.h Loading commit data...
opcodes.cc Loading commit data...
opcodes.h Loading commit data...
operation-typer.cc Loading commit data...
operation-typer.h Loading commit data...
operator-properties.cc Loading commit data...
operator-properties.h Loading commit data...
operator.cc Loading commit data...
operator.h Loading commit data...
osr.cc Loading commit data...
osr.h Loading commit data...
per-isolate-compiler-cache.h Loading commit data...
persistent-map.h Loading commit data...
pipeline-statistics.cc Loading commit data...
pipeline-statistics.h Loading commit data...
pipeline.cc Loading commit data...
pipeline.h Loading commit data...
property-access-builder.cc Loading commit data...
property-access-builder.h Loading commit data...
raw-machine-assembler.cc Loading commit data...
raw-machine-assembler.h Loading commit data...
redundancy-elimination.cc Loading commit data...
redundancy-elimination.h Loading commit data...
refs-map.cc Loading commit data...
refs-map.h Loading commit data...
representation-change.cc Loading commit data...
representation-change.h Loading commit data...
schedule.cc Loading commit data...
schedule.h Loading commit data...
scheduler.cc Loading commit data...
scheduler.h Loading commit data...
select-lowering.cc Loading commit data...
select-lowering.h Loading commit data...
serializer-for-background-compilation.cc Loading commit data...
serializer-for-background-compilation.h Loading commit data...
simd-scalar-lowering.cc Loading commit data...
simd-scalar-lowering.h Loading commit data...
simplified-lowering.cc Loading commit data...
simplified-lowering.h Loading commit data...
simplified-operator-reducer.cc Loading commit data...
simplified-operator-reducer.h Loading commit data...
simplified-operator.cc Loading commit data...
simplified-operator.h Loading commit data...
state-values-utils.cc Loading commit data...
state-values-utils.h Loading commit data...
store-store-elimination.cc Loading commit data...
store-store-elimination.h Loading commit data...
type-cache.cc Loading commit data...
type-cache.h Loading commit data...
type-narrowing-reducer.cc Loading commit data...
type-narrowing-reducer.h Loading commit data...
typed-optimization.cc Loading commit data...
typed-optimization.h Loading commit data...
typer.cc Loading commit data...
typer.h Loading commit data...
types.cc Loading commit data...
types.h Loading commit data...
value-numbering-reducer.cc Loading commit data...
value-numbering-reducer.h Loading commit data...
verifier.cc Loading commit data...
verifier.h Loading commit data...
wasm-compiler.cc Loading commit data...
wasm-compiler.h Loading commit data...
write-barrier-kind.h Loading commit data...
zone-stats.cc Loading commit data...
zone-stats.h Loading commit data...